Vulnerability Details : CVE-2013-6400
Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.
Vulnerability category: Denial of service
Products affected by CVE-2013-6400
- cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6400
- EPSS score: 0.27% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~ 67 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-6400
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:A/AC:H/Au:N/C:C/I:C/A:C | 3.2 | 10.0 | NIST | |
CWE ids for CVE-2013-6400
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6400
- http://security.gentoo.org/glsa/glsa-201407-03.xml
  Xen: Multiple Vulnerabilities (GLSA 201407-03) — Gentoo security
- http://www.openwall.com/lists/oss-security/2013/12/10/7
  oss-security - Xen Security Advisory 80 (CVE-2013-6400) - IOMMU TLB flushing may be inadvertently suppressed
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
  [security-announce] SUSE-SU-2014:0373-1: important: Security update for
- http://www.securitytracker.com/id/1029468
  Xen IOMMU TLB Flush Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125111.html
  [SECURITY] Fedora 19 Update: xen-4.2.3-12.fc19
- http://lists.xen.org/archives/html/xen-announce/2013-12/msg00002.html
  Xen project Mailing List
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125081.html
  [SECURITY] Fedora 18 Update: xen-4.2.3-12.fc18